Date: Tue, 4 Nov 2008 16:13:15 -0500
From: Kvetch <>
Subject: ntlm and lm hashes questions

I have a Windows hash output file that contains some lm hashes and
some ntlm hashes.  Not every user has an lm hash so I would like to
crack ntlm hashes when lm hashes are not present.  I applied the
ntlm-alainesp patch to John so I can crack ntlm hashes when need be.
From what I can tell, if I don't specify the format John only attempts
the lm hashes.  Is this correct?  Is there a way to have it crack the
ntlm if no lm is present or will I need to run the processes
separately, once with the format=LM and then once with format=NT using
the cut field delimited method listed on the "uppercase only thread" -

I want to test via a wordlist first and after that is done try an
incremental against it.  If I want to try cracking the hashes against
a dictionary wordlist first, do I have to modify the john.conf rule to
be List:Rules:Wordlist or is specifying the -w:wordfile option enough?
My john command seems to stop quickly right after I run the following

./john --session=test -w:/mydictfile myhashes
It says it loaded 17 password hashes with no different salts (LM DES
[128/128 BS SSE2])
*     (userC:2)
1     (userB:2)
3     (userA:2)
guesses: 3 time 0:00:00:01 100% c/s: 8122k trying: } TTDEEL - ~

Is my command incorrect? Why is it stopping so soon?  Do I need to
change the conf to have the Rules:Wordlist and then run
./john --session=test -w:/mydictfile -rules myhashes
in order to perform a dictionary attack?

Thank you.
